To Next Page

To Previous Page

110 | RMC-100| 2105552MNAE

6.7 Secure the SSH/SFTP service

RMC devices implement the Secure Shell (Secure Shell, SSH) and Secure File Transfer Protocol

(Secure File Transfer Protocol, SFTP) service. This provides secure shell login access and file transfer

capability from a client PC or laptop.

SSH and SFTP provides secure access, instead of the unsecured access of Telnet and FTP in earlier

device generations.

SSH/SFTP communication is client-server based. The SSH/SFTP server is implemented in the Totalflow

device. The SSH/SFTP client is implemented in third-party software on the computer that

communicates with the device.

When the SSH/SFTP service is enabled, the SSH/SFTP server initializes and enters listening mode.

When the server is in listening mode, it can process requests for connection from SSH/SFTP clients.

The service grants connections only to properly authenticated clients.

6.7.1 Supported SSH/SFTP accounts

The table below lists the three SSH/SFTP accounts. Customers can access the Totalflow-user account,

which is read-only. The developer and tech-support accounts are only available to ABB personnel for

service and troubleshooting, or to advanced users and cybersecurity managers who want to generate

private keys to replace factory default keys.

IMPORTANT NOTE:

Call ABB Customer Support on the last page of this manual to request

Totalflow

-user account default private keys. See the SSH and SFTP service overview topic in PCCU

online help for instructions to establish read

-only SFTP connections.

Table 6-8: Security keys

Account

Name

Access

privileges

Default keys

Access

Totalflow-

user

Only SFTP

access

(Read-only)

Totalflow-user

private key

The following folders and their contents are available

for download:

– Crash Dumps

– Flash: Main Totalflow application (App), Factory

configuration, Startup (cold) configuration

– Logs: System and device loader log files

–

tfData: Running (warm) configuration files

Developer

Full SSH/SFTP

access

(Read-write)

Developer

private key

All file system

Tech support

Full SSH/SFTP

access

(Read-write)

Tech support

private key

All file system

6.7.2 SSH/SFTP authentication

Session keys encrypt the communication between the client and the SSH/SFTP server to provide

security. Authentication requires specific private-public key pairs for the type of access. ABB provides

default private keys and passphrases to customers upon request. ABB stores the default public keys at

the factory in a protected storage location on the device's flash. They remain unchanged by updates of

any of the device software components.

To request a connection to the SSH/SFTP service, provide the private key and passphrase. The service

compares the private key with the public key stored in the Totalflow device. If the keys pair correctly,

the connection is successful.

IMPORTANT NOTE:

Private keys do not ship with the product or user interface software. ABB

keeps the keys and credentials safely stored. Request keys for SSH/SFTP access. Enable the service

only if necessary.

Brand	ABB
Model	RMC-100
Category	Controller
Language	English

ABB RMC-100 User Manual

Table of Contents

Other manuals for ABB RMC-100

Questions and Answers:

ABB RMC-100 Specifications

Related product manuals